[tor-bugs] #16659 [- Select a component]: Linux TCP Initial Sequence Numbers may aid correlation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Aug 5 22:25:04 UTC 2015
#16659: Linux TCP Initial Sequence Numbers may aid correlation
--------------------------------------+----------------------
Reporter: source | Owner:
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: - Select a component | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
--------------------------------------+----------------------
Comment (by proper):
https://lists.torproject.org/pipermail/tor-talk/2015-August/038697.html
Murdoch, Steven:
> On 25 Jul 2015, at 17:49, Patrick Schleizer <patrick-
mailinglists at whonix.org> wrote:
>> On the other hand, I've read the claim "The kernel embeds the system
>> time in microseconds in TCP connections.", but I haven't found the code
>> in question to confirm, that this is so. Any idea?
>
> The code is here:
> http://lxr.free-electrons.com/source/net/core/secure_seq.c
>
> In particular the seq_scale(u32 seq) function introduces the timestamp.
>
> So if you see two initial sequence numbers for TCP streams between the
same source/destination port/IP then you can work out the time difference
(in units of 64 ns) according to the clock of the other end point.
>
> Best wishes,
> Steven
-----
FYI, made a [https://www.whonix.org/wiki/Dev/TimeSync#Local_Clock_Leaks
list of local clock leaks]. ([http://www.webcitation.org/6aZ6hVk4O w])
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16659#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list